Act as independent executive primarily responsible for Touchstone Communications compliance and security including conducting the overall IT Audit for Compliance and security of overall touchstone technology systems throughout all centers. Proactive formulation and maintenance of documentations required for the implementation of the strategies and implementations for information technology security and compliance. Develop budget and schedules renewal of product and software licenses. Anticipate & Recommend new technological advancements to overcome business, security, and compliance problems. Identify business, security, and compliance opportunity requirements and recommend the market competitive upgradation and technological compliances Supervise IT team to meet department goals. Develop and monitor KPIs and test drives to carry out offensive and defensive attacks on systems to ensure the facilities are secured & compliant all the time. Monitor and communicate project status to leadership on a regular basis. Keep the leadership abreast with any and all offensive and defensive anticipated threats.
Principal Accountabilities:
Advise senior management on matters related to Information Security and compliance to enhance company’s overall security posture.
Lead Touchstone to gain and maintain PCI, DSS, SOCII, and HIPAA Compliance certifications.
Leading the Information Security & compliance initiatives to meet Touchstone organization wide internal and external Information Security requirements. 
Development and implementation of information security policy across the organization.
Conduct companywide security assessment including but not limited to risk analysis, penetration testing of existing infrastructure including mobile applications, environment audit and code assessment.
Review and revise development process to implement SSDLC.
Develop and implement information security awareness and training programs.
Manage compliance and regulatory requirements concerning the information security department.

• Takes care of the day-to-day operations and data structures by overseeing operational performance.
• Takes care of cyber security projects and makes sure they meet cyber security objectives. Offers cyber security operations such as process re-engineering, automation, and documentation.
• Recognizes cyber security issues, devises, and drives effective mitigation. Actively searches for vulnerabilities and risks in hardware and software and conducts threat and risk analysis and provides essential suggestions for their mitigation.
• Assists with the configuration of anti-virus systems and consoles, having an in-depth understanding of vulnerabilities management systems and common security applications.
• Conducts software upgrades and explains performance criteria, documents configurations, and systems specifications.
• Manages and monitors any attacks and intrusions. Protects software and hardware from threats and identifies and manages incidents and mitigates risks.
• Assists in performing research, testing, evaluation, and deployment of security procedures.
• Designs security training materials and organizes training sessions for the users.
• Examines and evaluates security-related technologies. Resolves security issues and other data-related problems. Monitors network traffic and internet connectivity data and reports on risks.
• Responsible for collecting and analyzing data and assists in eliminating risk, performance and capacity issues. Handles any issues related to service providers and SLA’s.
• Regulates enterprise information assurance and security standards. Collaborates and evaluates security programs for the organization. Supports users in the development and implementation of policies.
• Creates own tools and actively takes part in the security architecture review of client technologies.
• Conducts risk assessments and business impact analysis on new systems and technologies.

• Instrumental in developing and implementing Business Continuity and Disaster Recovery (BCP & DRP) Plans for Askari
Bank Ltd.
• Drafted company policies and procedures governing corporate security, email and Internet usage, access control,
and incident response.
• Authored numerous ISO 27001 procedures and security policies in support of IT operations, participating in regular
audits to ensure regulatory compliance.
• Analyze security events across internal, perimeter and cloud security devices, including Email Gateway and Proxy,
Web Application Firewalls, Network Load Balancer, Privileged Identity and Access Management.
• Active participant for BCP/DRP testing, including testing Security and network components.
• Manage and fine tune Application Whitelisting and SIEM solutions.
Review projects of Information technology from Information security perspective.
• Review Security configuration and architecture, Implementation assistance in end point security products.
• Prepare hardening baselines for all IT services and devices and ensure compliance.
• Overall coordination and tracking of all internal and external related security incidents.
• Prepare information security incident reports as applicable and assume ownership for timely resolution of all
Information Security incidents as per SLAs.
• Set process to track and monitor the vulnerabilities on various information assets and track the same for closure. Ensure timely updates of risk register and liaise with internal teams on closure.
• Develop and improve processes and procedures around Information security to test patches before implementation.
• Perform Periodic risk & vulnerability assessment of IT infrastructure using various industry standard tools.
• Monitoring security logs and activities using log analysis tools.
• Ensure compliance with ISO27001:2013 standards and ensure relevant evidences are appropriately collected and maintained centrally.